In the past couple of years we’ve seen a drastic increase in the number of DDoS (distributed denial-of-service) attacks taking place, many of which are being carried out as a means of protest by various groups. The attacks are attempts to make a machine or network resource such as a website totally unavailable to anyone trying to reach it. The reasons for the attacks vary, as do the means used to carry them out. A typical attack generally consists of efforts by two or more persons, and in many cases, botnets, to temporarily or indefinitely interrupt or suspend services of a specific host connected to the Internet. Such attacks usually lead to a server overload and are implemented by either forcing the targeted computer(s) to reset, or consuming enough of its resources so that it can no longer provide its intended service, or by obstructing the communication media between the intended users and the targeted victim so that they can no longer communicate. Based on a new report, now it appears that the attackers are changing their techniques in order to launch much larger scale attacks on websites.
In a Global DDoS Attack Report from the 1st quarter of 2014 released Thursday, Prolexic Technology describes seeing a new trend toward “reflection and amplification techniques” which are being used more frequently in lieu of the botnet methods.
The report states, “Instead of using a network of zombie computers, the newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. We believe this approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.”
Prolexic mentions that these new attack tools can deliver a much more powerful punch. In this Q1 2014 report they saw a 39 percent increase in average bandwidth and also saw the largest-ever DDoS attack, one that involved multiple reflection techniques combined with a traditional botnet-based application attack. That attack generated peak traffic of more than 200 Gbps (gigabits per second) and 53.5 Mpps (million packets per second).
The report also states, “Compared to the same quarter one year ago, peak attack bandwidth increased 133% compared to Q1 last year.” The full report showed that the media and entertainment industry were the targets in more than half of the attacks in the first quarter. Prolexic Technology is owned by Akamai.
Unfortunately, the new techniques are becoming all too popular with some websites now providing easy access to the services for use in launching these types of attacks.